Port Scanner

Check which TCP ports are open on any host or IP address

Port Preset

Common (23 ports) Top 50 Web Database Mail Custom

Try:

This tool only scans well-known ports on public hosts. Private and reserved IPs are blocked.

Frequently Asked Questions

A port scanner checks which TCP ports on a server are open and accepting connections. Ports are numbered endpoints (0–65535) that allow different network services to run on the same server. Port 80 is HTTP, port 443 is HTTPS, port 22 is SSH, etc. Open ports indicate running services; closed ports mean nothing is listening there or a firewall is blocking the connection.

Open: A service is actively listening on the port and the TCP connection succeeded. Closed: The port is not open — either no service is running on that port, or a firewall is dropping/rejecting packets. This tool uses TCP connect scanning — if the connection is established within the timeout, the port is marked open.

Port scanning your own servers is always legal. Scanning third-party servers without permission may be illegal in many jurisdictions and is a violation of most hosting terms of service. This tool is intended for scanning your own public-facing servers to audit your firewall configuration. Only scan servers you own or have explicit permission to test.

Each closed/filtered port must wait for a TCP connection timeout (1.5 seconds per port in this tool). For the Top 50 preset, a host with mostly closed ports could take up to 75 seconds. Open ports respond instantly. Firewalls that drop packets (rather than send a TCP RST) cause the most delay. Use the "Common" preset for faster results.

For a web server, you typically want port 80 (HTTP) and 443 (HTTPS) open, and everything else closed. Common security concerns: port 22 (SSH) should be restricted to known IPs, port 3306 (MySQL) and 5432 (PostgreSQL) should never be publicly open, port 3389 (RDP) is a frequent brute-force target. Open database and admin ports on public servers are a serious security risk.

scanme.nmap.org is a server maintained by the Nmap project specifically for port scanning tests. It has explicit permission for the public to scan it, making it a safe target for testing port scanners. Ports 22 and 80 are intentionally open on that host.

Well-known port assignments: 21 — FTP (file transfer); 22 — SSH (secure shell); 25 — SMTP (mail submission); 53 — DNS; 80 — HTTP; 443 — HTTPS; 3306 — MySQL; 5432 — PostgreSQL; 6379 — Redis; 27017 — MongoDB; 3389 — RDP (Windows Remote Desktop); 8080 and 8443 — common HTTP/HTTPS alternates for dev servers. Ports 0–1023 are "well-known" ports reserved for system services; 1024–49151 are "registered" ports; 49152–65535 are dynamic/private ports.

A closed port is actively refusing connections — the server responds with a TCP RST (reset) packet, meaning the port is reachable but no service is listening. A filtered port does not respond at all — a firewall is silently dropping packets destined for that port. From a security standpoint, filtered is preferable because it reveals less information to attackers. This tool uses TCP connect scans with a timeout, so ports that don't respond within the timeout are treated as closed/filtered — it cannot distinguish between the two states without more advanced techniques like SYN scanning.

TCP (Transmission Control Protocol) is connection-oriented — it establishes a handshake before data transfer and guarantees delivery and ordering. Most application protocols (HTTP, HTTPS, SSH, FTP, SMTP) run over TCP. UDP (User Datagram Protocol) is connectionless — packets are sent without a handshake, with no delivery guarantee. UDP is used where speed matters more than reliability: DNS (port 53), DHCP (67/68), VoIP, game servers, video streaming, and QUIC/HTTP3 (port 443 UDP). This tool only scans TCP ports; UDP scanning requires different techniques.

Port scanning systems you own or have explicit written permission to test is legal and a standard security practice. Scanning systems without permission is a different matter — in many jurisdictions it may violate computer crime laws (such as the Computer Fraud and Abuse Act in the US, or the Computer Misuse Act in the UK), and it violates the terms of service of virtually every hosting provider and cloud platform. Even if the scan itself is passive, it can trigger intrusion detection systems and lead to IP blocks or legal complaints. The rule is simple: only scan what you own or have clear permission to test.

About This Port Scanner

This free online Port Scanner performs TCP connect scans on any public host. Select from presets (Common, Top 50, Web, Database, Mail) or enter a custom port list. Results show each port's status and the associated service name. Private and reserved IP addresses are blocked to prevent abuse.

Common Ports Reference

Port	Protocol	Service
22	TCP	SSH
25	TCP	SMTP
80	TCP	HTTP
443	TCP	HTTPS
3306	TCP	MySQL
5432	TCP	PostgreSQL
6379	TCP	Redis
27017	TCP	MongoDB

Port Ranges

Range	Category
0–1023	Well-known / System ports
1024–49151	Registered ports
49152–65535	Dynamic / Ephemeral ports

Standards & References

Related Internet Tools

View all articles

IPv6's Address Space Is Too Big to Scan — Here's Why That Doesn't Make It Secure

A misconfigured open port on an IPv4 server gets found by automated scanners within hours, because the entire IPv4 address space is small enough to scan exhaustively. The same misconfiguration on an IPv6 server might never be found this way — not because it's more secure, but because 2^128 addresses is too large to scan at any practical rate. Here's how IPv6 hosts actually get discovered instead (DNS records, certificate transparency logs, predictable address patterns), and why "too big to scan" is security through obscurity, not security.

Jun 15, 2026

NAT and Port Forwarding for Home Networks: Why "Filtered" Doesn't Mean "Firewalled"

Most home network ports show "filtered" from the internet — not because of a configured firewall, but as a side effect of how NAT works: incoming connections without an existing mapping have nowhere to go. Here's the open/closed/filtered distinction, how NAT creates this effect, why port forwarding and UPnP change it, and the CGNAT limitation that can make port forwarding fail entirely.

Jun 12, 2026

Cloud Security Groups: AWS, GCP, Azure — Common Misconfigurations and How to Audit Them

Every major cloud breach has the same pattern: legitimate infrastructure, misconfigured security groups. Here's how AWS Security Groups, GCP Firewall Rules, and Azure NSGs work, the most common dangerous misconfigurations (databases open to 0.0.0.0/0), and why scanning your own cloud infrastructure is security hygiene.

Jun 10, 2026

Common Server Ports: Which Should Be Open and Which Must Be Firewalled

Every open port is a potential attack surface. Here's a practical reference of common ports — what they do, which should be publicly accessible, and which are commonly left dangerously exposed — with guidance on interpreting scan results.

Jun 9, 2026

Port Scanner — Check Open Ports & Verify Server Security Configuration

Learn how port scanning works, what common port numbers mean, how to identify dangerous open ports, and how to use a free port scanner to verify your server's security posture.

Jun 6, 2026

Port Scanner

Frequently Asked Questions

What is a port scanner?

What does "open" vs "closed" mean?

Is port scanning legal?

Why is the scan slow?

What are the most important ports to check?

What is scanme.nmap.org?

What are the most common port numbers and their services?

What is the difference between a filtered port and a closed port?

What is the difference between TCP and UDP ports?

What are the legal and ethical considerations of port scanning?